Open Source

CRLF injection found in popular Python dependency, urllib3

On April 18, 2019 a CRLF injection vulnerability was found in the popular Python library, urllib3. The urllib3 library is ...

JVM Ecosystem Survey 2019

We’re excited to launch the new JVM Ecosystem Survey 2019. The goal of this survey is to understand the lay ...

190,000 users affected by Docker Hub's security breach. Now what?

Docker Hub may have reset your account details if it detected that it was part of the breach. What could ...

How much do we really know about how packages behave on the npm registry?

How many packages on npm can be considered abandoned? How many packages are connected to each other? Let's explore npm ...

Shifting Docker security left

As more organizations create, spread and use Docker containers, the risk of security vulnerabilities grows. Docker images are largely built ...

The top two most popular Docker base images each have over 500 vulnerabilities

Welcome to the Docker security report “Shifting Docker security left”. This report is split into several posts: Shifting Docker security ...

80% of developers are not addressing Docker security

Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: Shifting Docker security ...

Take actions to improve security in your Docker images

Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: Shifting Docker security ...

After three years of silence, a new jQuery prototype pollution vulnerability emerges once again

On March 26th, 2019, almost three years after the last jQuery security vulnerability was disclosed, we recently learned about a ...